Posted by joshfry on Mar 10, 2007

tricks and techniques of Google Hacks


Excellent tricks and techniques of Google Hacks

ws_ftp.ini is a configuration file for a popular FTP client that stores usernames, (weakly) encoded passwords, sites and directories that the user can store for later reference. These should not be on the web!

That's some good stuff. Just copy/paste the text into your own WS FTP ini file and you're good as gold (assuming you're using the same version). Don't forget - even if they have taken the file offline, use the "cache:FULL_URL/wsftp.ini" to see the contents. Probably one of the best exploits I have seen in a long time. When I did it there were about 20 vulnerable computers; just recently there were 4, so I hope whitehats got to this before anyone else. Really nice!!

To see results, enter this query in the Google search engine (http://www.google.com/):

intitle:index.of ws_ftp.ini

==============================================

Frontpage: a very nice, clean search results listing! Imagine with me that you can steal or know the password of any web site designed by "Frontpage". But the file containing the password might be encrypted; to decrypt the file, download the program "John the Ripper".

To see results, enter this query in the Google search engine (http://www.google.com/):

"# -FrontPage-" inurl:service.pwd

==============================================

This searches for the password for "Website Access Analyzer", a Japanese software package that creates web statistics.

To see results, enter this query in the Google search engine (http://www.google.com/):

"AutoCreate=TRUE password=*"

==============================================

This is a query to get inline passwords from search engines (not just Google). You must type in the query followed by the domain name without the .com or .net.

To see results, enter this query in the Google search engine (http://www.google.com/):

"http://*:*@www" bangbus or "http://*:*@www"bangbus

Or

http://bob:bob@www

Or

http://admin:*@www

==============================================

This search is a cleanup of a previous entry by J0hnny. It uses "parent directory" to avoid results other than directory listings.

WS_FTP.ini is a configuration file for a popular win32 FTP client that stores usernames and weakly encoded passwords.

To see results, enter this query in the Google search engine (http://www.google.com/):

filetype:ini ws_ftp pwd

Or

"index of/" "ws_ftp.ini" "parent directory"

==============================================

Microsoft Frontpage extensions appear on virtually every type of scanner. In the late 90's people thought they were hardcore by defacing sites with Frontpage. Today, there are still vulnerable servers found with Google.

An attacker can simply take advantage of administrators who 'forget' to set up the policies for Frontpage extensions. An attacker can also search for 'filetype:pwd users'.

To see results, enter this query in the Google search engine (http://www.google.com/):

filetype:pwd service

==============================================

Not all of these pages are administrator's access databases containing usernames, passwords and other sensitive information, but many are! And many administrator passwords and user passwords, a lot of emails and the like too...

To see results, enter this query in the Google search engine (http://www.google.com/):

allinurl: admin mdb

==============================================

DCForum's password file. This file gives a list of (crackable) passwords, usernames and email addresses for DCForum and for DCShop (a shopping cart program!!!). Some lists are bigger than others, all are fun.

To see results, enter this query in the Google search engine (http://www.google.com/):

allinurl:auth_user_file.txt

==============================================

This search brings up sites with "config.php" files. To skip the technical discussion, this configuration file contains both a username and a password for an SQL database. Most sites with forums run a PHP message base. This file gives you the keys to that forum, including FULL ADMIN access to the database. To view the PHP files, therein lies the catch. Browsers are made to process the commands of PHP before display, so if no commands, nothing to show. You can't use that per se to get into the config file, but it would show potential threats if someone got into the server anyway. (If that happens you're basically boned anyway, not much around that.
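
An added example, not part of the original post: a defender's check that walks your own web document root for the file names and extensions the searches above look for (ws_ftp.ini, service.pwd, auth_user_file.txt, .pwd, .mdb) and notes whether the containing directory has no index document. The function names, the index-document list and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# File names and extensions taken from the searches on this page.
EXACT_NAMES = {"ws_ftp.ini", "service.pwd", "auth_user_file.txt"}
RISKY_SUFFIXES = {".pwd", ".mdb"}
FRONTPAGE_MARKER = b"# -FrontPage-"
# Assumption: the index documents your server is configured to serve.
INDEX_NAMES = {"index.html", "index.htm", "index.php", "default.htm"}

def classify(path):
    """Return a reason if the file matches a pattern from this page, else None."""
    if path.name.lower() in EXACT_NAMES:
        head = path.read_bytes()[:256]  # these named files are small text files
        if FRONTPAGE_MARKER in head:
            return "FrontPage password file"
        return "credential file"
    if path.suffix.lower() in RISKY_SUFFIXES:
        return "password or database extension"
    return None

def audit_webroot(root):
    """Walk root and return sorted (relative path, reason, listable) tuples."""
    root, findings = Path(root), []
    for dirpath, _dirs, files in os.walk(root):
        # No index document: shown as a listing if the server auto-indexes.
        listable = not ({f.lower() for f in files} & INDEX_NAMES)
        for fname in files:
            path = Path(dirpath) / fname
            reason = classify(path)
            if reason:
                findings.append((path.relative_to(root).as_posix(), reason, listable))
    return sorted(findings)

def build_sample_tree(root):
    """Constructed sample web root; contents are placeholders, not real data."""
    samples = {"index.html": b"<html></html>", "db/index.php": b"<?php ?>",
               "_vti_pvt/service.pwd": b"# -FrontPage-\nuser:PLACEHOLDER\n",
               "backup/WS_FTP.ini": b"[site]\n", "db/admin.mdb": b""}
    for rel, data in samples.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, reason, listable in audit_webroot(tmp):
            print(f"{rel}: {reason}" + (" (no index document)" if listable else ""))
```

Anything it reports belongs outside the document root or behind access control; a finding marked as having no index document is also visible in a directory listing if the server has automatic indexing turned on.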